Limit the number of Tier 1 mirrors to 10, to ensure adequate bandwidth for these. Adjust number up or down depending on capability of the masters.

Must carry everything under fedora-enchilada and fedora-epel. This allows Tier 2 mirrors to exclude what they wish, but get everything if they so wish. This means at least 1TB of disk space for the Fedora portion of this server.

Must have a 1 Gigabit connection to the Internet, or faster.

Must have an active, available, responsive mirror administrator during the days content is staged.

Must have at least 2 Internet2-connected Tier 1 mirrors.

Must have at least 1 Tier 1 mirror on each continent for which we have Tier 2 mirrors

Must serve private rsync (see below for configuration)

Master Mirrors

dl0[12345].fedoraproject.org, in Phoenix, AZ, USA.

dl.fedoraproject.org is a DNS round-robin to dl[12345].

download-i2.fedora.redhat.com in Raleigh, NC, USA (Internet2, NLR, and those reachable over NLR only)

Tier 0 Mirrors

Tier 0 mirrors can pull from Red Hat directly over the Internet2 connection.

Tier 1 Rsync configuration

Below is an example rsyncd.conf file for a Tier 0 or Tier 1 mirror that provides private rsync access to select downstream Tier 2 mirrors. You may do this via either IP or DNS-based access control, or by a shared username/password which you give to your selected Tier 2 mirrors directly.

The key to this is that the Tier 0/1 mirror rsyncs content using a user account (e.g. mirror used below), and you serve content to Tier 2 mirrors using a private rsync module that runs as that same user account, while providing public non-authenticated rsync using the nobody account. In this way, Tier 2 mirrors may obtain content before the permissions are made world readable.